{"id":287,"date":"2024-09-18T12:11:12","date_gmt":"2024-09-18T12:11:12","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=287"},"modified":"2024-09-18T12:11:12","modified_gmt":"2024-09-18T12:11:12","slug":"australian-cops-bust-underworld-app-through-compromised-software-updates","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=287","title":{"rendered":"Australian cops bust underworld app through compromised software updates"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Australia\u2019s Federal Police (AFP) said it hacked into a dedicated encrypted communication platform, Ghost, to dismantle global criminal operations.<\/p>\n<p>The action was carried out as part of \u201cOperation Kraken,\u201d a law enforcement action that concluded with the arrest of a New South Wales man, 32, for allegedly creating and administering Ghost.<\/p>\n<p>\u201cAn alleged mastermind behind a secret app for criminals and violent enforcers has been charged by the AFP during a global takedown of an encrypted communications network,\u201d the AFP said in a press release. 
\u201cAbout 700 AFP members executed search warrants and provided support during two days of action across four Australian states and territories on September 17-18.\u201d<\/p>\n<p>The operation, which has led to charges against more than 50 Australian offenders for using Ghost, infiltrated the application earlier this year.<\/p>\n<h2 class=\"wp-block-heading\">Hacking Ghost\u2019s distribution channel<\/h2>\n<p>\u201cGhost,\u201d primarily designed for use by criminals, was an encrypted application that enabled users to organize illegal activities, including drug trafficking, money laundering, and orchestrating violence.<\/p>\n<p>Ghost was available to subscribers through modified smartphones, which were sold for about $2,350, including a six-month subscription to the encrypted network and tech support.<\/p>\n<p>Regular updates to Ghost were pushed out to these handsets by the administrator. The AFP, however, was able to infiltrate the release channel, using unspecified technology, and modify the updates to plant a backdoor.<\/p>\n<p>\u201cThe administrator regularly pushed out software updates, just like the ones needed for normal mobile phones,\u201d the AFP added. \u201cBut the AFP was able to modify those updates, which basically infected the devices, enabling the AFP to access the content on devices in Australia.\u201d<\/p>\n<p>When international partners, including the FBI, Europol and French Gendarmerie, Royal Canadian Mounted Police (RCMP), Swedish Police Authority, Dutch National Police, Irish Garda S\u00edoch\u00e1na, and the Italian Central Directorate for Anti-Drug Service, started targeting Ghost under an operation code-named OTF NEXT, the AFP saw an opportunity to run a parallel local operation (Kraken), especially after it developed a \u201ccovert solution to infiltrate Ghost.\u201d<\/p>\n<p>\u201cTaking down dedicated encrypted communication devices takes significant skill,\u201d the AFP said. 
\u201cBut the holy grail is always penetrating criminal platforms to access evidence \u2013 and this is where the AFP is world-leading. And because we could read these messages, the AFP, with state partners, were able to prevent the death or serious injury of 50 individuals in Australia.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Offense is the best defense<\/h2>\n<p>This isn\u2019t the first time law enforcement has used adversarial techniques to outsmart the adversary. Global authorities have previously taken down organized crime platforms, including <a href=\"https:\/\/www.csoonline.com\/article\/643888\/encrochat-bust-leads-to-6500-arrests-seizure-of-1b-in-assets.html\" target=\"_blank\" rel=\"noopener\">EncroChat<\/a>, <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/new-major-interventions-to-block-encrypted-communications-of-criminal-networks\" target=\"_blank\" rel=\"noopener\">Sky ECC<\/a>, Phantom Secure, and <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication\" target=\"_blank\" rel=\"noopener\">ANoM<\/a>, using similar tactics.<\/p>\n<p>\u201cHowever, it is the first time an Australian-based person is accused of being an alleged mastermind and administrator of a global criminal platform, of which the AFP was able to decrypt and read messages,\u201d AFP added.<\/p>\n<p>As of September 17, the AFP has alleged that there were 376 active handsets in Australia. The authorities, utilizing the intelligence gathered through the hack, conducted raids across four Australian states. The operation resulted in the execution of 71 search warrants, leading to 38 arrests. 
In addition, law enforcement seized 25 illegal weapons and intercepted 200 kilograms of illicit drugs that were prevented from reaching the streets.<\/p>\n<p>According to the AFP, near-simultaneous police action is being undertaken in Ireland, Italy, Sweden, and Canada.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Australia\u2019s Federal Police (AFP) said it hacked into a dedicated encrypted communication platform, Ghost, to dismantle global criminal operations. The action was carried out as part of \u201cOperation Kraken,\u201d a law enforcement action that concluded with the arrest of a New South Wales man, 32, for allegedly creating and administering Ghost. \u201cAn alleged mastermind behind [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":288,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-287","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/287"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=287"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/287\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/288"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=287"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/inde
x.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=287"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=287"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}